April 11, 2014 at 8:46 am
Yep, that's the story. Also, if I assign another role (so they're under public and setupadmin, or public and serveradmin), they can't log in.
The default db is master for all roles and live user logins.
Thanks
April 11, 2014 at 8:55 am
Ok, on the login dialogue box, under Options can you get them to specify the database name (by typing it in, not browsing for it)- see attached- then clicking Connect?
April 11, 2014 at 9:03 am
Related to this, if you check the permissions in the master database, has anybody removed access from the public role? It should be there, with a tick under Grant Connect (unless that is you have given this role elevated permissions for some reason, which is unlikely).
April 11, 2014 at 9:43 am
In order:
Made no difference.
Public is wide open.
Thanks
April 11, 2014 at 9:46 am
It sounds like they're trying to connect to a database that doesn't exist, then. Are you auditing failed logins? If so check what it says in the SQL log. (Sorry if you've done that already!)
April 11, 2014 at 9:52 am
They're connecting to master, which I promise, regular swear, and pinky swear exists. I'm not seeing these even show up in the login failure report. Dang.
April 11, 2014 at 9:58 am
Do any of the server roles have DENYs on them?
SELECT SUSER_NAME(grantee_principal_id), permission_name
FROM sys.server_permissions
WHERE state_desc = 'DENY'
John
April 11, 2014 at 10:05 am
No sir. That query comes back empty.
April 11, 2014 at 10:10 am
I think the login failure error you're getting points to not being able to open the specified database. What is the default database for the user(s) this is affecting? Either give them access to that database, or (which is what I do) set the default to master for all users.
John
Edit: Oops - someone has already suggested that!
April 11, 2014 at 10:13 am
Yes, that's what I'm saying; state 38 means 'Login valid but database unavailable (or login not permissioned for that database)'.
April 11, 2014 at 10:16 am
I thought the exact same thing, but every login and role has permissions to the master database, and the master database permissions are open. Wild stuff.
April 11, 2014 at 10:20 am
Is the guest user definitely enabled for master?
April 11, 2014 at 11:07 am
Beatrix Kiddo (4/11/2014)
Is the guest user definitely enabled for master?
It looks to be so. Let me know if you'd like me to query differently.
SELECT name, permission_name, state_desc
FROM sys.database_principals dp
INNER JOIN sys.server_permissions sp
ON dp.principal_id = sp.grantee_principal_id
WHERE name = 'guest'
namepermission_namestate_desc
guestVIEW ANY DATABASEGRANT
guestCONNECTGRANT
guestCONNECTGRANT
guestCONNECTGRANT
guestCONNECTGRANT
April 14, 2014 at 2:09 am
I know you said the default database is master for all logins, but please humour me - what does this return?
SELECT name
FROM sys.server_principals
WHERE default_database_name <> 'master'
John
April 14, 2014 at 8:36 am
John Mitchell-245523 (4/14/2014)
I know you said the default database is master for all logins, but please humour me - what does this return?
SELECT nameFROM sys.server_principals
WHERE default_database_name <> 'master'
John
Hi John,
Can you let me know what you'd be looking for in this list? There are some client specific service account names I wouldn't feel comfortable posting.
Thanks
Viewing 15 posts - 16 through 30 (of 31 total)
You must be logged in to reply to this topic. Login to reply